Hi folks, i'm looking for a nice workaround for the following prob: I've 3 IF's, user lan, dmz and an external inet link, now i'd like to dnat incomming requests like: $IPTABLES -A FORWARD -i $EXT -o $DMZ -d 10.0.10.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $DMZ -o $EXT -s 10.0.10.2 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.10.2 the above sample works fine, $EXT represent eth0 which is the outside IF, in addition i created a virtual if named eth0:1 which i can't address in iptables (wierd character : ) . I;m not getting any ruleset to work unless i'm using "-i eth0", the workaround like eth0+ doesnt help , did anybody dealed with this prob before ???? Many thanks Matthias Krauss